Are There Any Teachers In The House?


NegativeSpace

I've asked the question here before and had no luck so far. Maybe I haven't described what I was looking for in enough detail. I am hoping there is a mature, experienced, and trustworthy hacker in the forums who likes to be a teacher. I am hoping that one of you is willing to talk to me directly from time to time to help me work my way through some hacking techniques that are a little bit out of my current ability. An example of one of these instances: today I have some free time, and before today I haven't really sat down and tried to learn the process of WPA PSK cracking in BackTrack 5, so I decided to do that. I of course went out on the internet looking for tutorials on ways to crack WPA encryption keys, which are out there to be had. The problem is, most of these assume a certain level of prior BackTrack or BASH experience, and I don't have much of that. Needless to say, I have made zero progress in learning how to use a BackTrack tool/tools to crack a WPA PSK.

I can't always comprehend ideas that I read about very well. Most of the time I can learn more, and much easier, from watching someone do something than I can from reading about someone doing it. That's why I would like for someone with a teacher's mentality to help me directly, in a live environment. I was thinking that maybe certain software like Skype, Teamviewer, Pidgin, etc, could be used to make it easy.

It wouldn't always be necessary to explain every detail of every step of a technique, but sometimes I will need detailed instructions. Cracking a WPA PSK, for example. I pretty well understand the concept of the WPA PSK encryption method, but that understanding doesn't really do anything to help me operate the software to crack it. I already understand what the software is going to do, I just don't know how to command it to do that. I don't need someone to explain to me how WPA PSK works, I just need someone to walk me through the steps of using the software. So after I learn the first technique of cracking WPA PSKs, I will understand what is actually happening, instead of just knowing that I can type some commands and the software will give me a string of characters on the other end.

Just to be clear and save everyone some time, I am not asking for links to online WPA PSK cracking tutorials or suggestions on which software to use. I have tried several tutorials and none of those have been exact and detailed enough to be useful to me. I'm also not asking for instructions on how to crack WPA PSK, I am asking for volunteers who like to wear a teaching hat. Anyone who is interested, please send me a private message or respond here. Thanks in advance!

You don't want links to tutorials, but you need them. You should start with Linux tutorials and learn your way around the terminal. If you can use CMD in Windows, you can use a terminal in Linux. Most of the tools you will use in BackTrack are command line based. Not all of them, but for the majority of what you will be doing, it will all be done from the command line.

As for WPA cracking, there are several tools these days to do it, but for me, I use the Aircrack suite. If you've watched/read any tuts on this and can't follow it, then maybe it's a matter of getting more familiar with the command line and the tools in use.

In order to crack WPA, you need a few things. 1, an access point you know the WPA password to in advance. You should be doing this with your own router first just for that reason, so you can prove to yourself how it works. 2, a wireless card that can do injection and monitor mode. 3, the Aircrack suite. 4, a password list with the known password. This is because to get the passphrase for WPA you will have to brute force it via aircrack. In a real world scenario, you won't know the password, and would need large dictionaries or rainbow tables using cowpatty. Bottom line, brute forcing can take days and is not a simple process. The easiest part will be getting the handshake, but brute forcing will be the long, tedious part.

The first thing you will need to do is get your wireless access point set up with the password, and set to WPA. Since you know the password, you can create a password file with a few random words and your password, each on its own line. Name it something like passwords.txt and put it in your home folder. Depending on the version of BackTrack you chose (GNOME vs KDE), you could do this with a GUI text editor, or just do it from the command line. You can use something like nano to create the file, or just echo them into a new file, appending each word to the list.

example:

echo foo > password.txt
echo foo123 >> password.txt
echo yourwpasecretpassword >> password.txt

The initial echo with > creates a new file password.txt. The second and third echo using >> appends to the file, (> writes a new file, >> appends it)

Ok. So now you have your access point set up, and your password file ready. The next thing you will want to do is start your wireless card. You will have to make sure your card is compatible; that is something you do on your own and I can't help you with, but for the most part you want a card on this list that is known to work: http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#Wireless_Cards

Once you have a card that works, let's start the card. You will want to open a few terminals. You can do that separately, or use the tabs in one terminal. Usually you only need 2 tabs.

In the first tab, you will want to prepare the card. You can do this manually, or via aircrack. Plug in your card and do an "ifconfig -a". This will list the NICs on the machine. You should see lo, eth0 and one for the wireless card; depending on the card type, it could be wlan0 or some other name related to the card. That name will be needed, so you have to find out this info first to start the card.

Now let's start the card in monitor mode. Some cards need to be configured before bringing them up, so try the following commands first.

iwconfig wlan0 mode monitor
ifconfig wlan0 up promisc

What we did there was put the card into monitor mode, and bring it up in promiscuous mode. Not all cards can do promiscuous mode, but if it's on the list I gave you above, it should work.

Now that the NIC is up and in monitor mode, we can do a quick survey of the access points around us to determine what channel your router is on.

airodump-ng wlan0

By itself, this will listen to all access points on all channels and hop between them. Look for your AP and what channel it's on. If it's on channel 6 for example, take note of that. Also take note of your router's SSID and associated MAC address.

Now type ctrl+C to cancel airodump. We will now restart it, listening only on the channel your router is on.

airodump-ng -c 6 --essid RoutersName -w dump wlan0

What that command above does is set airodump to listen on channel 6 only (important to know the channel your AP is on) and only capture for your router's name. -w writes to a file called dump (which will automatically create several files with pcap extensions, etc) and wlan0 is your wireless NIC, which depends on the actual name you used to bring the card up.

Now, in that terminal, it's listening to all traffic associated with that access point and capturing it to a file. Because this is WPA, you won't see much of anything in the pcap except for beacons and probes, and the handshake. In the second terminal or a new tab, you will continue with the next steps. Make sure one of your computers in the home is connected to this router. For testing purposes, don't use the same machine you are capturing from. You will now want to kill the connection between the associated workstation and the access point. By default, most operating systems will automatically reconnect to the access point. Unless explicitly configured not to reconnect, you should be good to go. We will now deauth the workstation.

aireplay-ng -0 5 -a 00:01:02:03:04:05 -c 00:04:05:06:07:08 wlan0

where -a is the MAC of the access point (gather this info from the airodump screen) and -c is the MAC of the workstation you are trying to remove. The "-0 5" or a "--deauth 5" is the deauth attack, with 5 replies to the router/workstation. As you do this, you can just bring the command back with an up arrow on the keyboard, and keep resubmitting it. Space them out a few seconds, but as you do this and the workstation disconnects and reconnects, in the airodump window you will see it tell you handshake found. Continue to do this a few more times, just to be safe, as you may have only received part of the handshake. In my experience, it takes a few deauths and reconnects, just to be safe.

Now. Once you have a captured handshake, we can then start the cracking process. In the airodump window, stop the capture. (CTRL+C).

aircrack-ng -w password.txt dump.pcap 

Where -w is your wordlist and dump.pcap is the captured handshake file.

If you did everything correctly it should prompt you for the access point you want to crack, which should only be 1 in the list, and when done, will show you the password you added to your text file.

I wrote all this, half from memory, and half from looking it up, as I don't have my laptop on and in front of me to go through everything, but that should work, and if it doesn't, either I left something out, or you did something wrong in the steps.

There are plenty of videos on YouTube that show how to do this, and tutorials on the Aircrack site itself, as well as thousands of links on google you can find for various other ways to do this, with and without aircrack.
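
Why the wordlist step is the slow part and why precomputed tables only fit one network name, as an added example that is not part of the original post: WPA/WPA2-Personal derives its key with PBKDF2-HMAC-SHA1 salted with the SSID, so every guess costs 4096 iterations. The function names, the sample wordlist and the guess rates are assumptions made for this illustration of passphrase strength.

```python
import hashlib
import string
import time

ITERATIONS = 4096            # fixed by the WPA/WPA2-Personal key derivation
PMK_LEN = 32                 # 256-bit pairwise master key
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, PMK_LEN)


def measure_rate(samples: int = 20) -> float:
    """Key derivations per second on this machine (one CPU core, no GPU)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"benchmark{i:04d}", "benchmark-ssid")
    return samples / max(time.perf_counter() - start, 1e-9)


def alphabet_size(passphrase: str) -> int:
    """Size of the character set a blind search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        size += 33
    return size


def audit_passphrase(passphrase: str, wordlist, guesses_per_second: float) -> dict:
    """Report whether a passphrase falls to a wordlist, and the blind-search cost.

    The keyspace figure only means something for random passphrases: a word
    that is already in the list is found no matter how long it is.
    """
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    return {
        "in_wordlist": passphrase in set(wordlist),
        "keyspace": keyspace,
        "years_to_exhaust": keyspace / guesses_per_second / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    # Constructed sample data: the three entries from the post's password file.
    wordlist = ["foo", "foo123", "yourwpasecretpassword"]
    rate = measure_rate()
    print(f"this machine: about {rate:.0f} guesses per second")

    for candidate in ("yourwpasecretpassword", "k7#Vq2!xLm9@Zt4w"):
        report = audit_passphrase(candidate, wordlist, rate)
        print(candidate, report["in_wordlist"],
              f"{report['years_to_exhaust']:.3g} years for the full keyspace")

    # Same passphrase, different SSID: the keys differ, so a table computed
    # for one network name is useless against a router with a unique name.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "MyUniqueHomeNet").hex())
```

A long random passphrase and a non-default SSID are the two settings on your own router that this calculation rewards.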

I think maybe you overlooked the purpose of the post. I posted this to try to find someone, who likes teaching hacking, to agree to talk to me live from time to time to help me out with anything I haven't been able to figure out. The learning WPA cracking techniques example is valid, because that's one thing I need help learning, but the point of this is to find a teacher, not to directly get help with WPA cracking. Don't get me wrong, your instructions are the best ones I've seen so far and I can probably use them to actually crack a WPA key, so thanks for that. However, considering how little experience I have with BASH and BackTrack, I want to be able to quickly message or Skype or email someone, such as yourself, who can talk with me in real time when I am having trouble. It's just not practical to post a forum topic and wait for replies, or to look through 20 web sites whenever I get stuck on something that an experienced hacker can be helping me with inside of 30 seconds.

I have been reading a whole bunch of tutorials but most of them, honestly, are very poorly written, which is one of the reasons why I don't want links to those. I don't know if you read the part where I said I don't have good reading comprehension. I am pretty badly learning disabled when it comes to reading, so it can take me hours to read a few pages, and even then I have a hard time with comprehension. A lot of the decent ones assume a certain level of experience that makes them useless to me. My point to all of this is, I can learn a lot from online tutorials, but I still need a live human teacher.

Edited by NegativeSpace

If you want real time help, join an IRC channel on the topics you need help with, and in all seriousness, sign up for the Offensive Security classes. They have a dedicated IRC channel, just for students of the class and will help you with the exercises as well as anything backtrack related.

Damn didn't think of IRC! That's a good idea. I've never used it before though. Which ones do you use?

IRC has many different clients, some better than others, some more insecure than others. For people starting out with Windows, mIRC is a decent client for beginners, so long as you secure it and lock it down, and don't use any scripts people try to send you. It's the original file sharing app (XDCC for the win!) before peer to peer, but also can get your machine owned pretty quickly. BackTrack I believe comes with an IRC client installed already, just go to the menu and look through things, forget which client it uses but I think it's xchat (which I think you can get for Windows as well). You can also get plugins for browsers like FF to use IRC right in the browser, or use Java and Javascript versions via web pages alone for some networks, but won't have any file sharing capabilities that way and some tend to have limited commands you can use in web page based clients.

As far as networks, I backtrack and offsec use freenode. Their channels require user registration ( http://freenode.net/faq.shtml#registering - site always seems down, but connecting to irc.freenode.net always seems to work for IRC clients and you can read the MOTD to learn how to register your nick) as well as configuring a less than root user to connect to the IRC channel. They will kick you from the channel if they see you are connected via BackTrack using IRC as root. Mainly, because everyone knows the username and password for BackTrack of root:toor, and you would get hacked pretty quickly running as root on IRC even if you changed your password, if they did hack your IRC client.

Guess you should start googling IRC for some more info. ;)

I guess it's time I get with the program and start using some IRC. That will be another source that should help me a lot. This info about the default user name and password for BackTrack has me wondering..... When a person changes his password, does that simply create a new user and leave the default root:toor user account available for anyone, who picks up your machine or connects remotely, to use with full on root privileges? What is the point of changing the password if it just leaves the default root account there?

No, no, no, no, no... when you are on BackTrack, open a console and type "passwd". That will prompt you for a new password for the root user. However, just because you changed the password, does not necessarily make you secure. It doesn't create a new user, it only changes the root user password. But if you get hacked, while logged in as root and not a lower privileged user, if you are on an installed vs live environment, they now have root access and can do whatever they want with your system. For anything other than pentesting in a live disc, you would want to be logged on as a normal user that requires sudo or su to elevate to root privileges. Doing so, if you got hacked, prevents them from having root access, but that's a whole other ball of wax that in itself, could still be bad depending on the flaws in your system and the ability to elevate privileges.

In general, you should never run as root, but because of the way BackTrack works, most tools require root access.

I've been warned that it's potentially dangerous to run as root, but what can actually happen? Online articles and guides and such mostly just say that it allows attackers to have root after they own your box, or that the authorized user can screw things up. I don't use my BT box outside of my home network very often, and never on any unsecured or public WiFi, so I'm more worried about screwing things up myself, but what can actually happen? Is the accepted method for operating with lower privileges to create a second user that defaults to sudo? If so, how is that done? What do you do when you are running with sudo privileges and you need root?

When you run as a lower user, anything that requires root, you would have to run sudo beforehand, which requires the root password. So if an attacker got in and wanted to change anything that required root, they wouldn't be able to without knowing the root password, unless you didn't change it, by which that's just bad to begin with. Not changing the root password while still creating a new user, might as well not even bother, since they could easily guess root:toor.

Anyway, it's a safeguard to them getting at root on the machine. Being that it's BackTrack, they could use everything on it, to attack the rest of your network, and it would look like your machine was the attacker, by which they wouldn't really care anyway. They could also use your machine to attack other machines on the internet, as if they were you, and you would be the ones authorities come after if something got traced back to your IP. Either way, you don't want to be running as root if you don't have to, it's just not good practice to always be running as root. Same goes for Windows. You should have an admin account, and the rest of the users should be under privileged, and require an admin to enable things, or for you to right click and "run as administrator" prompting for the admin password. Privilege escalation in Windows is pretty trivial these days, but it's definitely worth doing to safeguard the rest of the machine and the admin account from attack. If a user's profile got hosed or hacked, you could just delete it and create a new user while shielding the system from the attacked profile (so long as they weren't able to gain system level access).

Earlier today, when I tried this the first time, I got wlan0 to go into monitor mode (or at least it seems that way). Then when I ran airodump-ng wlan0, the correct data fields came up, but they were all empty. I could see the card channel hopping. I used the WICD network manager and it said there were no networks in range. I had another machine right beside me that was connected to my network. I then restarted the machine and tried again, and when I got to putting the card in monitor mode, I got "Error for wireless request "Set Mode" (8B06): SET failed on device wlan0 ; invalid argument"

I tried again for wlan1, which is a no-name USB card with the RTL8187 chipset. I get the same error.

I never made it back to getting either card into monitor mode and getting airodump-ng to even search for and not find my network again.

Edited by NegativeSpace

That makes sense. Now the question is, how do I command BackTrack to default to prompting for credentials before it allows root privileges?

Edited by NegativeSpace

You have to add a new user, and when booting, login as the new user vs logging in as root. Then anything you do that needs root from the command line will fail unless you use sudo or it was put in your users group.

useradd YourNewLoginName
passwd YourNewLoginName

You could also add a user to a specific group:

useradd -g GroupName YourNewLoginName

Where GroupName is the group you want the user to be part of and YourNewLoginName is whatever you want to sign onto the machine with.

Also read up on sudoers file and adding users.

Edited by digip
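
An added example, not part of the original post: a short Python audit of which accounts can reach root once a login user, a group and a sudoers rule exist. It handles the case created by `useradd -g GroupName`, where the group becomes the user's primary group in /etc/passwd and so never appears in that group's member list in /etc/group. The file contents and account names are constructed, and the sudoers parsing is deliberately simplified (no aliases, includes or per-command rules).

```python
# Constructed sample files, laid out like /etc/passwd, /etc/group and a
# sudoers fragment. None of this comes from a real system.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svc:x:0:0:second uid 0 account:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1000:1000:,,,:/home/alice:/bin/bash
bob:x:1001:27:,,,:/home/bob:/bin/bash
"""

GROUP = """\
root:x:0:
sudo:x:27:alice
alice:x:1000:
"""

SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
carol ALL=(ALL) NOPASSWD: ALL
"""


def parse_passwd(text):
    """name -> {'uid', 'gid'} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue
        users[fields[0]] = {"uid": int(fields[2]), "gid": int(fields[3])}
    return users


def parse_group(text):
    """group -> {'gid', 'members'} from group-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or line.startswith("#"):
            continue
        members = {m for m in fields[3].split(",") if m}
        groups[fields[0]] = {"gid": int(fields[2]), "members": members}
    return groups


def group_members(name, users, groups):
    """Supplementary members plus users whose primary gid is this group."""
    group = groups.get(name)
    if group is None:
        return set()
    primary = {u for u, rec in users.items() if rec["gid"] == group["gid"]}
    return group["members"] | primary


def parse_sudoers(text):
    """Return [{'who', 'nopasswd'}] for plain user and %group rules only."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or "=" not in line:
            continue
        who = line.split()[0]
        if who == "Defaults" or who.endswith("_Alias"):
            continue                              # not handled in this sketch
        rules.append({"who": who, "nopasswd": "NOPASSWD:" in line})
    return rules


def root_capable(passwd_text, group_text, sudoers_text):
    """account -> list of reasons it can act as root."""
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    findings = {}
    for name, rec in users.items():
        if rec["uid"] == 0:
            findings.setdefault(name, []).append("uid 0")
    for rule in parse_sudoers(sudoers_text):
        tag = "sudo rule, NOPASSWD" if rule["nopasswd"] else "sudo rule"
        if rule["who"].startswith("%"):
            grp = rule["who"][1:]
            for member in sorted(group_members(grp, users, groups)):
                findings.setdefault(member, []).append(f"{tag} via %{grp}")
        else:
            findings.setdefault(rule["who"], []).append(tag)
    return findings


if __name__ == "__main__":
    for account, reasons in root_capable(PASSWD, GROUP, SUDOERS).items():
        print(f"{account}: {', '.join(reasons)}")
```

In the constructed data, bob is absent from the sudo line of the group file yet is still reported, because his primary gid is 27.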

Some cards might cause some issues, but the Realtek card should work. You can run dmesg before plugging in the card, then run it again, and see if the card shows any errors when plugging it in. Sometimes you need to shut down the interface and bring it back up again if something gets hosed. My old Linksys with a Prism chipset gives me all kinds of issues, and since BT4 hasn't worked right since. I get it to work, but not as well as it used to with BT2 and 3. The drivers they have in BT4 and later always seemed to give me issues, but the Realtek cards always seem to work fine for me.

You can also try using airmon-ng to start the card for you, or use airmon-zc if airmon-ng causes the card to hang or not respond to bringing it up and down (I find airmon-zc works better for me though).

I didn't know about the dmesg command. I really need to get a BackTrack book and a BASH book. I ran the command, then ran again after I plugged in the Realtek USB card, but I didn't see any differences in the data. I didn't see anything that said wlan1, Realtek, 8187, or anything that would indicate I had plugged in the new card. I did see several "wlan0" entries. Might I need to run a command to start the card, and then run dmesg? I did try bringing both wlan interfaces down and back up several times. I even restarted the machine which, as I understand, isn't usually necessary or helpful when it comes to the Linux kernel. Restarting the netbook is kinda slow though so the last ten times I tried it I was getting lazy and just restarting the X server.

Could I have done something to cause airmon-ng to stop working between the times when I had it working (I had someone helping me on Skype) and the last time I tried it?

When I issue dmesg, what is all that data I'm looking at? It looks like general hardware logs but there are some entries that look like encrypted SMS messages.

What is the difference between airmon-ng and airmon-zc?

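The before-and-after dmesg comparison discussed above, as an added example that is not part of any post in this thread: it prints only the kernel messages that appeared between two captures, which is easier than comparing them by eye. The function names and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): isolate what the kernel logged
# between two dmesg captures taken before and after plugging in a card.
# Real use: dmesg > before.txt; plug the adapter in; dmesg > after.txt

# Print lines that are in capture $2 but not in capture $1. Matching whole
# lines (timestamp included) still works if old lines have rotated out.
new_kernel_lines() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$1" "$2"
}

# First output line is a verdict, followed by the new lines themselves.
plug_report() {
    new=$(new_kernel_lines "$1" "$2")
    if [ -z "$new" ]; then
        echo "NO_NEW_MESSAGES"      # kernel logged nothing for the plug-in
        return 0
    fi
    if printf '%s\n' "$new" | grep -Eiq 'error|fail'; then
        echo "NEW_MESSAGES_WITH_ERRORS"
    else
        echo "NEW_MESSAGES_CLEAN"
    fi
    printf '%s\n' "$new"
}

# Constructed sample captures (illustrative text, not real driver output).
make_sample_captures() {
    cat > "$1/before.txt" <<'EOF'
[   12.100000] wlan0: link becomes ready
[   12.200000] eth0: link up
EOF
    cp "$1/before.txt" "$1/after_ok.txt"
    cat >> "$1/after_ok.txt" <<'EOF'
[  340.500000] usb 1-2: new high-speed USB device number 4
[  340.900000] rtl8187: adapter registered as wlan1
EOF
    cp "$1/before.txt" "$1/after_bad.txt"
    echo "[  340.700000] usb 1-2: device descriptor read error" >> "$1/after_bad.txt"
}

demo_dir=$(mktemp -d)
make_sample_captures "$demo_dir"
plug_report "$demo_dir/before.txt" "$demo_dir/after_ok.txt"
plug_report "$demo_dir/before.txt" "$demo_dir/before.txt"   # nothing new
rm -rf "$demo_dir"
```

A NO_NEW_MESSAGES verdict means the kernel logged nothing at all for the plug-in, so the place to look is the port, cable or power rather than the wireless driver.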

I have some advice that could come in handy in your endeavors, as this is what I have been doing.

1. Get a notebook and start off with the HakTips, I only took notes on about 25 of Darren's, none of Snubs' as they're more optimization than hacking/cracking.

2. If there are local businesses around, walk in and ask to speak to an I.T. Director or Sysadmin and see if they are willing to release any boxes to you, through this method I acquired a Poweredge 2600 Server and 7 Optiplex GX280s to set up a lab in. If you do find someone willing to release materials (normally they just throw them in a dumpster) be sure to maintain contact with them as they can email you when something of possible use comes in.

3. I, personally, don't have the money for the offensive security classes (I'm only graduating high school this year.), but I know I have found a LOT of information in books, the things with the pages! Go check in a local library, or on amazon.com for titles that you should buy.. if you choose to do so. I hear a good method from a few people so far is to read some CompTIA prep books, such as the A+ (even if it is hardware) Security+ and Network+, as well as the official Nmap book.

I know, I'm not an expert, so you can choose to ignore my advice if you wish, once I finish up getting enough power routed for a lab and internet access, if you want to get in touch (Steam, Skype, Facebook) it's always good to learn something with a partner or small group within your same skill level, that's how I learned how to use windows server 2003 so quickly, shoot me a PM if you're interested.


What is the difference between airmon-ng and airmon-zc?

Airmon-ng is the current stable version, and airmon-zc is what the next version is supposed to be, so might have more bug fixes, but also might have new bugs of its own. I found that it's worked better for me though, as where airmon-ng sometimes gets hosed and I for whatever reason can't bring the card down after using it without a reboot. One of the reasons I bring my card up manually is because airmon-ng in the past has bugged out on me and forced a reboot. Mainly I think because some cards require you to put them in monitor mode before bringing them up with ifconfig, as where some other cards will let you do iwconfig after the card is already running.


You have to add a new user, and when booting, login as the new user vs logging in as root. Then anything you do that needs root from the command line will fail unless you use sudo or it was put in your users group.

useradd YourNewLoginName
passwd YourNewLoginName

You could also add a user to a specific group:

useradd -g GroupName YourNewLoginName

Where GroupName is the group you want the user to be part of and YourNewLoginName is whatever you want to sign onto the machine with.

Also read up on sudoers file and adding users.

I have just issued useradd and gave a new username, then issued passwd and gave it a new password. I logged out, and tried to log back in as my new user name, and after I gave my password, I got "No Directory, logging in with HOME=/

SudoUser@bt:/$"

What am I missing?


Should have created a user folder for you in /home/username you chose, but if not, login as root and type useradd -D and see what the defaults are for the home folder, then just append the default path with your username to create the home folder for yourself. Example, if useradd -D shows HOME=/home, then do a "mkdir /home/yourname" where yourname is the username you created, then reboot and login as that user and you should be good to go.

edit: forgot to mention, you will need to add yourself to the sudoers file. While logged on as root, type "visudo".

Arrow down until you see %admin, and on the next line, copy what you see on the line above but instead of %admin, you start the line with your new username. Then ctrl+x and Y to save. You can then use sudo as that user and will need to do so in order to startx from now on when using the new user. Make sure you set a different password than what root was when creating this user, or be sure to use passwd again to change it for the new user!!!

Any linux users care to fill in anything I may have skipped or left out?

Edited by digip

Doh! Just realized why it didn't create the folder for you. I gave you the wrong command. Go back in, logon as root, enter "userdel usernametodelete" and also "rm -rf /home/usernameyouchose" and then re-add the user using "adduser usernameyouwant". adduser will walk you through the prompts for password, etc, and will create the home folder with proper .Xauthority file so you can startx normally. When you boot for the first time, you will need to adjust your screen size but from there, when you now use the terminal, you should be logged in as your username vs root as before. If you already setup sudoers, you should be fine.

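The "No Directory, logging in with HOME=/" message earlier in the thread is what an account looks like when its passwd entry names a home directory that was never created. As an added example that is not part of any post here, this lists such accounts from a passwd-format file; the function names, the UID threshold of 1000 and the sample accounts are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): list login accounts whose home
# directory is missing, the state that plain "useradd NAME" left behind here.
# Assumptions: passwd(5) format; UID >= 1000 means a human account.

# $1 = passwd-format file, $2 = prefix prepended to each home path
#      (empty on a live system, a scratch directory for the demo).
accounts_missing_home() {
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        [ -n "$uid" ] || continue
        case $uid in *[!0-9]*) continue ;; esac        # skip malformed lines
        [ "$uid" -ge 1000 ] || continue                 # skip system accounts
        case $shell in */nologin|*/false) continue ;; esac
        [ -d "$2$home" ] || echo "$name:$home"
    done < "$1"
}

# Constructed sample: one account made with a home directory, one without.
make_sample_system() {
    mkdir -p "$1/home/alice" "$1/root"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:created with adduser:/home/alice:/bin/bash
sudouser:x:1001:1001:created with useradd:/home/sudouser:/bin/sh
svc:x:1002:1002:service:/nonexistent:/bin/false
EOF
}

demo=$(mktemp -d)
make_sample_system "$demo"
accounts_missing_home "$demo/passwd" "$demo"    # prints sudouser:/home/sudouser
rm -rf "$demo"
```

On a live system the call is `accounts_missing_home /etc/passwd ""`; any account it lists will hit the same login message until its home directory exists.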

Should have created a user folder for you in /home/username you chose, but if not, login as root and type useradd -D and see what the defaults are for the home folder, then just append the default path with your username to create the home folder for yourself. Example, if useradd -D shows HOME=/home, then do a "mkdir /home/yourname" where yourname is the username you created, then reboot and login as that user and you should be good to go.

edit: forgot to mention, you will need to add yourself to the sudoers file. While logged on as root, type "visudo".

Arrow down until you see %admin, and on the next line, copy what you see on the line above but instead of %admin, you start the line with your new username. Then ctrl+x and Y to save. You can then use sudo as that user and will need to do so in order to startx from now on when using the new user. Make sure you set a different password than what root was when creating this user, or be sure to use passwd again to change it for the new user!!!

Any linux users care to fill in anything I may have skipped or left out?

It worked! Thanks! How come, when I start a terminal, the prompt says sh-4.1#? Shouldn't it say something like SudoUser@bt or something like that?

Edit - I didn't see that last post by you. I was able to log in and start the x server with sudo startx. I wasn't aware that I could start the xserver without having to type sudo startx. I will follow the instructions from your last post and fix it.

Also, is the .Xauthority file just a list of users who are authorized to use the xserver?

Edited by NegativeSpace

Doh! Just realized why it didn't create the folder for you. I gave you the wrong command. Go back in, logon as root, enter "userdel usernametodelete" and also "rm -rf /home/usernameyouchose" and then re-add the user using "adduser usernameyouwant". adduser will walk you through the prompts for password, etc, and will create the home folder with proper .Xauthority file so you can startx normally. When you boot for the first time, you will need to adjust your screen size but from there, when you now use the terminal, you should be logged in as your username vs root as before. If you already setup sudoers, you should be fine.

I now have a sudo user, and I can use startx instead of sudo startx, but now I have the problem of my desktop being a default ubuntu 10.04 desktop instead of the nice BackTrack one. I also get the message "The panel encountered a problem while loading "OAFIID:GNOME_FastUserSwitchApplet" and am then asked if I want to delete the applet, and I chose no. If I delete the applet will that fix the problem, or is there something else I will have to do to fix it?

If I log out and log back in as root, everything seems to be fine.

Edited by NegativeSpace

I've been trying and trying, and I just can not get airodump-ng to work. If I use the wlan0 broadcom chip, I get the data fields to come up, but there is no data present in them. If I use the wlan1 RTL8187 chip, there is an error "SET failed on device wlan1 ; invalid argument". I know that airodump-ng can work with my broadcom chip because I had it working once before, but I was only following instructions given to me by another forum user via Skype, and I can't remember exactly which commands he told me to issue and in what order. I am getting really frustrated. I can't find anything on the internet that helps me.
